<?php
namespace plugin\admin\app\middleware;

use plugin\admin\api\Auth;
use ReflectionException;
use support\exception\BusinessException;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;

class AccessControl implements MiddlewareInterface
{
    /**
     * @param Request $request
     * @param callable $handler
     * @return Response
     * @throws ReflectionException|BusinessException
     */
    public function process(Request $request, callable $handler): Response
    {
        $controller = $request->controller;
        $action = $request->action;

        $code = 0;
        $msg = '';
        if (!Auth::canAccess($controller, $action, $code, $msg)) {
            if ($request->expectsJson()) {
                $response = json(['code' => $code, 'msg' => $msg, 'data' => []]);
            } else {
                if ($code === 401) {
                    $response = json(['code' => $code, 'msg' => $msg, 'data' => []]);
                } else {
                    $request->app = '';
                    $request->plugin = 'admin';
//                    $response = view('common/error/403')->withStatus(403);
                    $response = json(['code' => $code, 'msg' => $msg, 'data' => []]);
                }
            }

        } else {
            $response = $request->method() == 'OPTIONS' ? response('') : $handler($request);
        }
        $dev = env('DEV');
        if($dev == 1 ){
            $devURL = env('DEV_URL');
            // 给响应添加跨域相关的http头
            $response->withHeaders([
                'Access-Control-Allow-Credentials' => 'true',
                'Access-Control-Allow-Origin' => $request->header('origin', $devURL),
                'Access-Control-Allow-Methods' => $request->header('access-control-request-method', '*'),
                'Access-Control-Allow-Headers' => $request->header('access-control-request-headers', '*'),
            ]);

        }


        return $response;

    }

}
